Use the Keycloak UI or Keycloak REST API to remove the LDAP user federation from Keycloak.
Removing user federation is useful if the LDAP server was decommissioned or if the administrator would like to make changes to the Keycloak configuration using the Keycloak user localization tool.
LDAP user federation is currently configured in Keycloak.
Follow the steps in only one of the sections below:
Log in to the administration console.
See Access the Keycloak User Management UI for more information.
Click on User Federation
under the Configure
header of the navigation panel on the left side of the page.
Click on the three dots on the LDAP provider then the Delete
button.
(ncn-mw#
) Create a function to get a token as a Keycloak master administrator.
MASTER_USERNAME=$(kubectl get secret -n services keycloak-master-admin-auth -ojsonpath='{.data.user}' | base64 -d)
MASTER_PASSWORD=$(kubectl get secret -n services keycloak-master-admin-auth -ojsonpath='{.data.password}' | base64 -d)
SITE_DOMAIN="$(craysys metadata get site-domain)"
SYSTEM_NAME="$(craysys metadata get system-name)"
AUTH_FQDN="auth.cmn.${SYSTEM_NAME}.${SITE_DOMAIN}"
function get_master_token {
curl -ks -d client_id=admin-cli -d username="${MASTER_USERNAME}" --data-urlencode password="${MASTER_PASSWORD}" \
-d grant_type=password "https://${AUTH_FQDN}/keycloak/realms/master/protocol/openid-connect/token" | \
jq -r .access_token
}
(ncn-mw#
) Get the component ID for the LDAP user federation.
COMPONENT_ID=$(curl -s -H "Authorization: Bearer $(get_master_token)" \
"https://${AUTH_FQDN}/keycloak/admin/realms/shasta/components" \
| jq -r '.[] | select(.providerId=="ldap").id')
echo "${COMPONENT_ID}"
Example output:
57817383-e4a0-4717-905a-ea343c2b5722
(ncn-mw#
) Delete the LDAP user federation by performing a DELETE
operation on the LDAP resource.
curl -i -XDELETE -H "Authorization: Bearer $(get_master_token)" "https://${AUTH_FQDN}/keycloak/admin/realms/shasta/components/${COMPONENT_ID}"
If the operation is successful, then the expected HTTP status code is 204. In this case, the command output should begin with the following line:
HTTP/2 204